Traditional Methods Provide Inadequate Security

The traditional UNIX command-line utility for copying named files and directories is remote copy (RCP). In heterogeneous networks, the Internet file transfer protocol (FTP) is commonly used for interactive directory listing and file copy. FTP and RCP are very useful file transfer tools, but they are not secure. Sniffers can easily capture usernames, passwords, directory listings, and file content.

The first version of Secure Shell (SSH1) reduced security risks by "port forwarding" RCP and FTP, tunneled over a Secure Shell session. These now-legacy methods are commonly referred to as secure copy (SCP) and FTP over Secure Shell, respectively. A client running RCP or FTP and Secure Shell software (for example, VanDyke Software's SecureCRT®) encrypts and tunnels traffic to a Secure Shell server (for example, VanDyke Software's VShell®). At the Secure Shell server, the tunneled stream is decrypted. The file server can be on the Secure Shell server itself. Alternatively (see Figure 1), the cleartext stream can be "port forwarded" from the Secure Shell server to a target file server located somewhere in the private network.

Figure 1: Port-Forwarded FTP Control Session (tunneled in SSH1 session)

Unfortunately, standard FTP uses separate TCP connections for control and data. FTP servers listen to port 21 for incoming requests. FTP clients authenticate themselves by connecting to this control port. Data connections are established as needed to get or put files, initiated from arbitrary ports. FTP control traffic can be port-forwarded over Secure Shell, preventing username and password sniffing. However, file content must be transferred outside Secure Shell, over an unprotected cleartext data connection.